Security

How DashViz protects business accounts and uploaded data.

This page summarizes the safeguards DashViz uses, the responsibilities Customers retain, and what DashViz does not promise. Nothing on this page is a warranty; the Terms control.

Last updated: May 5, 2026

Separated tenant data

DashViz is designed so one Customer cannot browse another Customer's dashboards or business tables.

Permission checks

Protected pages require sign-in and access checks before Business Data is shown.

Controlled AI access

AI requests are routed through DashViz-controlled servers. AI providers do not receive direct browser access to Customer accounts.

Read-oriented analysis path

Generated database queries against Business Data are intended to be read-only and pass through validation steps before execution.

Security model

DashViz is built for business reporting. Customers may upload or connect data that includes revenue figures, customer records, operational records, and other confidential business information. Our security model is practical: confirm the user, check access before showing Business Data, keep tenant data separated, route AI through DashViz-controlled servers, and validate generated database queries before they run.

DashViz LLC is in active development. We do not currently hold SOC 2, ISO 27001, HIPAA, PCI-DSS, FedRAMP, or similar certifications, and we do not represent that we do. DashViz is built on infrastructure providers that hold third-party attestations — see the Privacy Policy subprocessor list for details. Do not use DashViz where DashViz's own certifications, attestations, or specific regulatory controls are required.

Authentication and access

  • Authentication is delegated to a specialized identity provider (Clerk). DashViz does not see, store, or transmit Customer passwords.
  • Multi-factor authentication is available through the identity provider; we recommend that Customers enable it on every account.
  • Sessions are protected by signed credentials; the browser does not receive database administrator secrets.
  • Protected product areas require sign-in and access checks before Business Data is shown.
  • Operational access to Customer data is limited to the personnel who need it for support, security, or troubleshooting, and is logged.

Data handling and encryption

  • Connections between the browser and the DashViz service use industry-standard TLS in transit.
  • Customer data stored in the DashViz database and object storage is encrypted at rest using the encryption provided by our database and storage platforms.
  • Each Customer's Business Data is segregated at the database level, with permission checks enforced before queries return data.
  • Database backups are taken on a rolling basis to support service recovery; backups are retained for up to thirty (30) days and are not a substitute for the Customer's own records.
  • Logs and diagnostics are used to investigate errors, abuse, and security events, and are retained for up to twelve (12) months.

AI and query safeguards

  • AI requests are routed through DashViz-controlled servers; AI providers do not receive direct browser access to Customer accounts.
  • Under Anthropic's commercial API terms, Business Data sent through the Anthropic API is not used to train Anthropic's models.
  • Generated database queries are designed to be read-only and pass through validation steps before execution; configuration data created in DashViz (alerts, dashboards, settings) is stored normally.
  • AI outputs are intended as analytical aids and are not a substitute for professional advice or for verifying source data.

Customer responsibilities

DashViz can protect the Service, but the Customer controls the account, uploaded data, connected systems, and people who are allowed to use the account.

  • Use strong authentication practices, enable multi-factor authentication, and protect devices, sessions, and credentials.
  • Grant account access only to authorized people and remove access promptly when it is no longer needed.
  • Upload only data the business is legally allowed to process through DashViz, with the necessary rights, notices, and consents.
  • Review dashboards, AI answers, alerts, and exports before making decisions; treat outputs as analytical aids, not authoritative records.
  • Maintain the business's own records, backups, compliance program, legal notices, retention schedules, and incident-response procedures.
  • Notify DashViz at security@dashviz.ai promptly if unauthorized access is suspected.

What not to upload

You are solely responsible for the data you upload, connect, or transmit through DashViz. Uploading the categories below puts the regulatory, contractual, civil, and criminal responsibility on you, not DashViz, and the Terms of Use indemnification and liability provisions apply in full. The categories below are not exhaustive; a fuller list with regulatory references is in Section 5 of the Terms of Use.

Secrets and credentials

Passwords, API keys, private keys, security tokens, seed phrases, OAuth tokens, encryption keys, or other secrets.

Highly regulated data

Protected Health Information (HIPAA / HITECH — treatment records, insurance claims, prescriptions, mental-health records), payment-card data subject to PCI-DSS (full PANs, CVV, magnetic-stripe data), financial account information (bank account numbers, routing numbers, brokerage accounts), government-issued identifiers (Social Security numbers, driver's license, passport, ITIN), biometric identifiers, children's data subject to COPPA, attorney-client privileged communications, or classified / export-controlled information — unless a written agreement and service plan expressly permit it.

Data the business cannot authorize

Customer, employee, partner, or third-party data unless the business has the rights, notices, consents, and contractual permissions required to process it through DashViz.

Only copies of critical records

DashViz is an analytics service, not the business's only copy, backup system, accounting ledger, audit archive, or system of record.

Responsible-disclosure safe harbor

DashViz appreciates security researchers who help us improve. If you believe you have found a vulnerability, email security@dashviz.ai with a description, reproduction steps, and any proof-of-concept material. Please do not access or modify other Customers' data, perform denial-of-service or destructive testing, or publicly disclose the issue before we have had a reasonable opportunity to investigate and remediate.

DashViz will not pursue legal action against good-faith security researchers who report vulnerabilities responsibly under this safe harbor and who comply with applicable law. This safe harbor does not authorize attacks on third-party providers, accessing data that is not your own without permission, exfiltrating data, or violating the privacy of Customers or their users.

How we respond to incidents

If a security incident affecting Customer information is confirmed, DashViz will work to contain and remediate the incident, communicate with affected Customers without undue delay, and provide legally required notices, including, where applicable, under Arizona Revised Statutes § 18-552 and other state and federal breach-notification laws. We aim to share factual information about what happened, what data was affected, and what we are doing to address it.

DashViz cannot guarantee that unauthorized access, data loss, service disruption, or misuse will never occur. DashViz is not responsible for incidents caused by Customer credentials, Customer devices, Customer networks, Customer-authorized users, Customer configurations, third-party services outside DashViz's control, Customer-provided data, force majeure events, or malicious activity that defeats reasonable safeguards, except to the extent responsibility cannot be limited by law. The Terms of Use govern DashViz's liability and disclaim warranties; nothing on this page modifies those Terms or creates a warranty.

Report a security issue

Use this contact channel to report suspected unauthorized access, vulnerability information, or account-security concerns.

Email security@dashviz.ai